The CFO Guide to Financial Security

Chief financial officers are responsible for overseeing some of the most important functions of the average company, from tracking cash flow to planning and taking responsibility for major financial decisions.

However, in the modern business environment, it's becoming increasingly clear that the CFO's remit needs to extend beyond fundamental financial processes. Security is one area where you need to be fully aware of the latest trends and threats, so you can support the organization's efforts to protect against risk.

Why security must be on the CFO's radar

The digital-first environment in which all businesses now operate gives rise to many opportunities and efficiencies, but it also brings certain risks, such as increased exposure to cyberattacks.

This is a major concern for CFOs, since a successful attack is likely to have major financial implications. The assault itself might be financially motivated - in the case of ransomware, for example, which costs businesses an estimated $75 billion a year - but there’s also a serious risk of fines from regulators and revenue loss due to reputational damage.

Finance leaders therefore need to be just as involved in the drive for stronger security as their counterparts in the IT department.

In its Cyber and the CFO report, the Association of Chartered Certified Accountants (ACCA) underlined the need to establish effective governance to manage cyber risk. The trade body stressed that cybersecurity should be viewed as a business risk, not just a technical issue, and effective safeguards should be backed up by clear policies and compliance.

CFOs recognize security risks

Encouragingly, the majority of CFOs appear to be well aware of the need to take responsibility for security standards within their organizations.

Consulting firm Protiviti's 2019 Finance Trends Survey showed that data security and privacy was the top priority overall for CFOs and finance executives, and the second-highest budget priority.

The top five overall priorities for finance leaders, according to the findings, were:

• Security and privacy of data (84%)
• Enhanced data analytics (79%)
• Process improvement and data analytics (75%)
• Changing demands and expectations of internal customers (73%)
• Embracing new technologies (73%)

Tracking cyber threats

Education and understanding are two of the most powerful weapons in any CFO's arsenal in the fight against cybercrime. The more information you have, the better placed you are to protect the organization against the latest dangers.

One of the biggest demands on businesses is keeping up with rapid changes in the threat landscape, as attackers constantly come up with new techniques to breach organizations' defenses.

According to Kaspersky, the average cost of an attack in 2019 increased to between $108,000 and $1.4 billion (subject to business size), while average global spend on security products and services reached a new high of approximately $124 billion.

They also highlighted some of the trends it expects to prove significant in 2020, including:

• Targeted ransomware attacks on banks
• Attacks against cryptocurrencies like Libra, Ton and Gram
• Hackers targeting implanted and wearable medical devices
• Telecoms provider vulnerabilities and infrastructure risks arising from the 5G rollout

Raising your security standards

As well as educating yourself and the members of your team on the latest threats, what other steps can you take to strengthen financial security within the organization?

• Embrace automation - this technology can help you stay one step ahead of the attackers with techniques like data gathering and analysis to improve your threat intelligence and identify vulnerabilities.
• Set defenses for each stage of an attack - cyberattacks typically move through various stages, from early reconnaissance and scanning for weak points to exploitation and efforts by the attackers to hide their tracks. You can increase your protection by implementing countermeasures at each stage.
• Move data to the cloud - the cloud has reached such a level of maturity that an increasing number of CFOs will see it as a viable way to store and protect valuable data. Established cloud providers could have more resources and expertise than the average business to dedicate to security.

As the threat landscape continues to evolve and attackers pose new and more dangerous threats to businesses, finding the strongest safeguards and security measures for the company could prove vital to your future success.